
L2TP VPN connection failed


Re: L2TP VPN connection failed

Post by routermaniak » Sat 7 Oct 2017, 19:42

radiation wrote: the 10.0.2.0/24 route with the Express VPN as gateway is not needed.

Create a static route with your LAN (192.168.1.0/24) as source address and put it in a table that you call, for example, VPN.

Then go to the routes and create another route 0.0.0.0/0 with the VPN's IP as gateway (the IP, not the name) and set the routing mark to VPN (or whatever name you decided on before).


You are too technical!!! Can we go step by step? Here are my details:

LAN: 10.0.2.0/24 RouterBoard LAN

Express VPN IP: 1.0.0.1
routermaniak
Mikrotik-User Level 4
Posts: 218
Joined: Wed 5 Jun 2013, 15:33

Re: L2TP VPN connection failed

Post by routermaniak » Sun 8 Oct 2017, 9:08

Hello and good morning.
I wanted to update you on connecting the RB to the public VPN. I found a video on YouTube that matched my case exactly. But of course I simply applied what it said without understanding much.
I created a srcnat NAT rule for the public VPN with the VPN in question as out-interface (masquerade). Then three mangle rules (DHCP, outside DHCP, and for the IP pool of the RouterBoard's L2TP server) with action mark routing, choosing the name expressvpn. Finally the foreign IP is now detected on the connection!
But there was still one site, which I don't remember, that still detected an Italian IP! What could that depend on?

Re: L2TP VPN connection failed

Post by routermaniak » Sun 8 Oct 2017, 15:29

routermaniak wrote: Hello and good morning.
I wanted to update you on connecting the RB to the public VPN. I found a video on YouTube that matched my case exactly. But of course I simply applied what it said without understanding much.
I created a srcnat NAT rule for the public VPN with the VPN in question as out-interface (masquerade). Then three mangle rules (DHCP, outside DHCP, and for the IP pool of the RouterBoard's L2TP server) with action mark routing, choosing the name expressvpn. Finally the foreign IP is now detected on the connection!
But there was still one site, which I don't remember, that still detected an Italian IP! What could that depend on?


I wanted to add that the mangle rule for the RB's DHCP range closes the route to the Telecom modem's IP, 192.168.1.1! Is it possible to make that IP reachable even with the mangle rule active?

Re: L2TP VPN connection failed

Post by radiation » Mon 9 Oct 2017, 8:44

Which is the same thing I told you to do.
If you are in mangle you are working in the prerouting chain...... so either you change the rule so that it applies only to outbound traffic, or you add rules to allow access to the modem's IP.

But I repeat that, as usual, there are several ways to get the same result in MikroTik. So your configuration would have to be understood properly to give you a precise answer.
Andrea
radiation
rosIT staff
Posts: 486
Joined: Wed 11 Dec 2013, 20:00
Using RouterOS since version: v3.x
MikroTik certifications: MTCNA, MTCWE
Preferred Training Centre: Nimwave

L2TP VPN connection failed

Post by routermaniak » Mon 9 Oct 2017, 9:26

In ip route I already had the route to reach the modem's IP and it worked perfectly! After applying the mangle rule it somehow got corrupted! I admit my ignorance, though.


Sent from my iPhone using Tapatalk

Re: L2TP VPN connection failed

Post by radiation » Mon 9 Oct 2017, 9:37

It's not that it is corrupted. We need to see the configuration. The position of the routes matters too.
Andrea

L2TP VPN connection failed

Post by routermaniak » Mon 9 Oct 2017, 12:46

Tell me exactly what you need to know!


Sent from my iPhone using Tapatalk

Re: L2TP VPN connection failed

Post by radiation » Mon 9 Oct 2017, 13:33

I'd say the whole configuration! Otherwise how can anyone understand what you did and where the problem is?
Andrea

Re: L2TP VPN connection failed

Post by routermaniak » Mon 9 Oct 2017, 20:24

radiation wrote: I'd say the whole configuration! Otherwise how can anyone understand what you did and where the problem is?


I hope you can take a look at it:

Code:
# oct/09/2017 20:07:35 by RouterOS 6.40.3
# software id =
#
# model = 2011UiAS
# serial number = ************
/interface bridge
add arp=proxy-arp fast-forward=no mtu=1500 name=bridge_LAN
/interface ethernet
set [ find default-name=ether10 ] arp=proxy-arp comment=WanVs_TIM
/interface l2tp-client
add allow=chap,mschap1,mschap2 connect-to=\
    *******.******provider.com disabled=no ipsec-secret=******** \
    keepalive-timeout=disabled name=ExpressVpn password=******* use-ipsec=\
    yes user=*******
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1,md5 enc-algorithms=\
    aes-256-cbc,aes-192-cbc,camellia-192,aes-128-cbc,3des pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=10.0.2.101-10.0.2.254
add name=vpn ranges=10.0.3.95-10.0.3.98
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=bridge_LAN lease-time=3d name=dhcp1
/ppp profile
add change-tcp-mss=yes local-address=10.0.3.1 name=profile-vpn \
    remote-address=vpn use-encryption=yes use-ipv6=default
set *FFFFFFFE use-compression=no use-ipv6=no use-mpls=no
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge_LAN interface=ether2
add bridge=bridge_LAN interface=ether3
add bridge=bridge_LAN interface=ether4
add bridge=bridge_LAN interface=ether5
add bridge=bridge_LAN interface=ether6
add bridge=bridge_LAN interface=ether7
add bridge=bridge_LAN interface=ether8
add bridge=bridge_LAN interface=ether9
add bridge=bridge_LAN interface=sfp1
add bridge=bridge_LAN interface=ether1
/ipv6 settings
set max-neighbor-entries=1024
/interface l2tp-server server
set default-profile=profile-vpn enabled=yes ipsec-secret=********
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2
/ip address
add address=10.0.2.1/24 interface=bridge_LAN network=10.0.2.0
add address=192.168.1.50/24 interface=ether10 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=10.0.2.112 client-id= mac-address=\
     server=dhcp1
add address=10.0.2.114 client-id= comment=TV-Curved \
    mac-address= server=dhcp1
add address=10.0.2.104 client-id= mac-address=\
     server=dhcp1
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.2.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.0.2.0/24 list=Home_lan


/ip firewall filter
add action=accept chain=input comment="VPN L2TP UDP 500" disabled=yes \
    dst-port=500 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP UDP 1701" disabled=yes \
    dst-port=1701 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP 4500" disabled=yes dst-port=\
    4500 in-interface=ether10 protocol=udp
add action=accept chain=input comment="VPN L2TP ESP" disabled=yes \
    in-interface=ether10 protocol=ipsec-esp
add action=accept chain=input comment="VPN L2TP AH" disabled=yes \
    in-interface=ether10 protocol=ipsec-ah
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
    tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
    src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
    ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
    o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
    PORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
    src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
    jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    bogons
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
    protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
    connection-state=established protocol=tcp
add action=accept chain=input comment="Accept to related connections" \
    connection-state=related protocol=tcp
add action=accept chain=input comment="Full access to SUPPORT address list" \
    src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
    RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
    icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
    3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
    protocol=icmp
add action=accept chain=forward comment="allow established connections" \
    connection-state=established
add action=accept chain=forward comment="allow related connections" \
    connection-state=related
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 \
    protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 \
    protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 \
    protocol=udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=\
    tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=\
    tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 \
    protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 \
    protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=\
    tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=\
    tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=\
    tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=\
    tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=\
    65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
    virus
add action=accept chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow SMTP" dst-port=25 protocol=tcp
add action=accept chain=forward comment="allow TCP" protocol=tcp
add action=accept chain=forward comment="allow ping" protocol=icmp
add action=accept chain=forward comment="allow udp" protocol=udp
add action=drop chain=forward comment="drop everything else"
add action=add-src-to-address-list address-list=blocked-addr \
    address-list-timeout=1d chain=input connection-limit=32,32 protocol=tcp
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
    src-address-list=blocked-addr
add action=jump chain=forward comment="SYN Flood protect" connection-state=new \
    jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new limit=400,5:packet \
    protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=\
    syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
    src-address-list="port scanners"
add action=drop chain=forward comment="\"BLOCK SPAMMERS OR INFECTED USERS\"" \
    dst-port=25 protocol=tcp src-address-list=spammers
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=1w3d chain=forward comment=\
    "\"Detect and add-list SMTP virus or spammers\"" connection-limit=30,32 \
    dst-port=25 limit=50,5:packet protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward comment="Drop Address List" src-address-list=\
    blacklist
add action=accept chain=input comment=smb1 disabled=yes dst-port=137-138 \
    protocol=udp src-address-list=smb-allow
add action=accept chain=input comment=smb2 disabled=yes dst-port=137,139 \
    protocol=tcp src-address-list=smb-allow
add action=accept chain=input comment=FTP-Rb disabled=yes dst-port=2121 \
    protocol=tcp
/ip firewall mangle
add action=mark-routing chain=prerouting comment=ExpressVpn-DHCP \
    new-routing-mark=ExpressVpn passthrough=no src-address=\
    10.0.2.101-10.0.2.113
add action=mark-routing chain=prerouting comment=ExpressVpn-NoDHCP \
    new-routing-mark=ExpressVpn passthrough=no src-address=\
    10.0.2.1-10.0.2.100
add action=mark-routing chain=prerouting comment=L2TP-Server \
    new-routing-mark=ExpressVpn passthrough=no src-address=\
    10.0.3.95-10.0.3.98
add action=mark-routing chain=prerouting comment="TV55-fuori Mangle" \
    new-routing-mark=ExpressVpn passthrough=no src-address=\
    10.0.2.115-10.0.2.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether10 src-address=\
    10.0.2.0/24
add action=dst-nat chain=dstnat comment=Garden_Cam dst-port=8081 log=yes \
    protocol=tcp to-addresses=10.0.2.14 to-ports=8081
add action=dst-nat chain=dstnat comment=SSH_Rasp dst-port=22 log=yes \
    protocol=tcp to-addresses=10.0.2.100 to-ports=22
add action=dst-nat chain=dstnat comment=FTP-Rasp dst-port=21 log=yes \
    protocol=tcp to-addresses=10.0.2.100 to-ports=21
add action=dst-nat chain=dstnat comment=Passive-Range-RaspFTP dst-port=\
    49152-65534 log=yes protocol=tcp to-addresses=10.0.2.100 to-ports=\
    49152-65534
add action=dst-nat chain=dstnat comment=FTP-Rb disabled=yes dst-port=2121 \
    log=yes protocol=tcp to-addresses=10.0.2.1 to-ports=2121
add action=dst-nat chain=dstnat comment=Webmin disabled=yes dst-port=10000 \
    protocol=tcp to-addresses=10.0.2.100 to-ports=10000
add action=dst-nat chain=dstnat comment=Cups_Print-Server disabled=yes \
    dst-port=631 protocol=tcp to-addresses=10.0.2.100 to-ports=631
add action=dst-nat chain=dstnat comment=Sane-RaspScan disabled=yes dst-port=\
    6566 protocol=tcp to-addresses=10.0.2.100 to-ports=6566
add action=dst-nat chain=dstnat comment=AccesPoint disabled=yes dst-port=80 \
    log=yes protocol=tcp to-addresses=10.0.2.12
add action=masquerade chain=srcnat comment="Masquerade per VPN " src-address=\
    10.0.3.0/24
add action=dst-nat chain=dstnat comment=FTP-Routerboard dst-port=2201 log=yes \
    protocol=tcp to-addresses=10.0.2.1 to-ports=2201
add action=masquerade chain=srcnat comment=ExpressVpn out-interface=\
    ExpressVpn
/ip firewall service-port
set ftp ports=2121
/ip ipsec peer
add dh-group=modp1024 enc-algorithm=aes-256,aes-192,camellia-192,aes-128,3des \
    exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=\
    Viaisola71bis
/ip route
add distance=1 gateway=ExpressVpn routing-mark=ExpressVpn
add distance=1 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes port=2121
set www disabled=yes
set ssh address=10.0.2.0/24,10.0.3.0/24 port=2201
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no interfaces=bridge_LAN,ether10
/ip smb shares
add directory=/disk1 max-sessions=1 name=share1
/ppp secret
add name=****** password=******** profile=profile-vpn
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set ExpressVpn disabled=yes display-time=5s
set bridge_LAN disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
/system logging
add disabled=yes topics=debug
add disabled=yes topics=l2tp
add topics=ipsec,debug,!packet
/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233
/system ntp server
set broadcast=yes enabled=yes multicast=yes
/system scheduler
add comment="Download openbl list" interval=1w name=DownloadBegoneList \
    on-event=Download_openbl policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=01:05:00
add comment="Apply openbl List" interval=1w name=InstallBegoneList on-event=\
    Replace_openbl policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=01:15:00
add comment="Download spamnaus list" interval=1w name=DownloadSpamhausList \
    on-event=Download_spamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:02:00
add comment="Apply spamnaus List" interval=1w name=InstallSpamhausList \
    on-event=Replace_spamhaus policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:12:00
add comment="Download dshield list" interval=1w name=DownloadDShieldList \
    on-event=Download_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:42:00
add comment="Apply dshield List" interval=1w name=InstallDShieldList \
    on-event=Replace_dshield policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/01/1970 start-time=02:52:00
/system script
add name=Download_openbl owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/openbl.rsc\" mode=http;\
    \n:log info \"Downloaded openbl.rsc from Joshaven.com\";\
    \n"
add name=Replace_openbl owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"OpenBL\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=openbl.rsc;\
    \n:log info \"Removal old openbl and add new\";\
    \n"
add name=Download_spamhaus owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/spamhaus.rsc\" mode=http;\
    \n:log info \"Downloaded spamhaus.rsc from Joshaven.com\";\
    \n"
add name=Replace_spamhaus owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"SpamHaus\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=spamhaus.rsc;\
    \n:log info \"Removal old openbl and add new\";\
    \n"
add name=Download_dshield owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n/tool fetch url=\"http://joshaven.com/dshield.rsc\" mode=http;\
    \n:log info \"Downloaded dshield.rsc from Joshaven.com\";\
    \n"
add name=Replace_dshield owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \n:foreach i in=[/ip firewall address-list find ] do={\
    \n:if ( [/ip firewall address-list get \$i comment] = \"DShield\" ) do={\
    \n/ip firewall address-list remove \$i\
    \n}\
    \n}\
    \n/import file-name=dshield.rsc;\
    \n:log info \"Removal old dshield and add new\";\
    \n"
/tool romon port
add
/tool user-manager database
set db-path=user-manager1


Let me know
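A worked version of the fix discussed in this thread (exempting the modem's subnet from the VPN policy routing), written as an added example for this page rather than configuration posted by either participant. It reuses the names and addresses from the export above (LAN 10.0.2.0/24 on bridge_LAN, L2TP pool 10.0.3.0/24, modem at 192.168.1.1 on ether10, l2tp-client and routing-mark both named ExpressVpn); the rule comments and the `place-before` position are assumptions about where the rules would sit in that configuration. Option A keeps the mangle approach of the posted config, which is what radiation's reply on 9 Oct 8:44 points at; Option B is the route-rule approach from his first reply, and it needs the same exemption. Both also close the fallback path by which LAN traffic leaves through the ISP link while the tunnel is down, which is one general way a client's real address can become visible even though the VPN appears to be working (the thread does not establish that this is what happened here).

```routeros
# Added example, not from the thread. Assumed from the posted export:
#   LAN 10.0.2.0/24 on bridge_LAN, L2TP pool 10.0.3.0/24,
#   modem 192.168.1.1 on ether10, l2tp-client + routing-mark "ExpressVpn".

# ---------- Option A: mangle marks, with the modem subnet exempted ----------
# In mangle, action=accept means "stop evaluating mangle rules for this
# packet". Placed first, it keeps traffic to 192.168.1.0/24 unmarked, so it
# is routed by the main table (connected route via ether10) as before.
# place-before=0 puts it ahead of the existing mark-routing rules.
/ip firewall mangle
add action=accept chain=prerouting comment="Modem subnet: never mark" \
    dst-address=192.168.1.0/24 place-before=0

# One rule per source subnet replaces the four address-range rules in the
# export; passthrough=no stops mangle processing once the mark is set.
add action=mark-routing chain=prerouting comment=ExpressVpn-LAN \
    new-routing-mark=ExpressVpn passthrough=no src-address=10.0.2.0/24
add action=mark-routing chain=prerouting comment=ExpressVpn-L2TP \
    new-routing-mark=ExpressVpn passthrough=no src-address=10.0.3.0/24

# Table "ExpressVpn". The 0.0.0.0/0 here also matched 192.168.1.1, which is
# why the modem became unreachable once the marks were applied.
# The blackhole at a worse distance catches marked traffic when the tunnel
# is down: without it, RouterOS v6 falls back to the main table and the
# LAN would silently exit through 192.168.1.1 with the ISP address.
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=ExpressVpn routing-mark=ExpressVpn
add distance=10 dst-address=0.0.0.0/0 routing-mark=ExpressVpn type=blackhole

# ---------- Option B: route rules instead of mangle ----------
# /ip route rule picks the table by source address, no mangle needed.
# Rules are evaluated top-down: the first sends modem traffic to "main";
# lookup-only-in-table has no fallback, so when the tunnel route is
# inactive the LAN's traffic is dropped rather than leaked.
/ip route rule
add dst-address=192.168.1.0/24 action=lookup table=main
add src-address=10.0.2.0/24 action=lookup-only-in-table table=ExpressVpn
add src-address=10.0.3.0/24 action=lookup-only-in-table table=ExpressVpn
```

Use one option, not both. After pasting, `/ip firewall mangle print stats` should show the accept rule at position 0 with counters increasing when a LAN host opens the modem's web page, and `/ip route print detail where routing-mark=ExpressVpn` should list the tunnel route as active and the blackhole as the only remaining candidate when the l2tp-client is disabled.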

Re: L2TP VPN connection failed

Post by radiation » Mon 9 Oct 2017, 20:52

Wow. What on earth did you put in there???? I need to look at it when I'm calmer; but at first glance more than half of the rules do nothing useful.

If I give you L2TP access, can you bring up a tunnel to me? It's "simpler" for me to understand that way.
Andrea
